Python Cryptographic Authority pyopenssl Memory Handling Denial of Service Vulnerability



A vulnerability in Python Cryptographic Authority pyopenssl could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists because the affected software fails to release memory before removing the last reference in a Public Key Cryptography Standards (PKCS) #12 store. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system, in an attempt to cause the application to reload certificates from a PKCS #12 store. A successful exploit could exhaust memory resources, resulting in a DoS condition.

Python Cryptographic Authority has confirmed the vulnerability and released software updates.
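One way to keep request traffic from driving repeated PKCS #12 reloads in application code while the update is being rolled out, shown as an added example (not code from pyopenssl or from this alert). `Pkcs12Cache`, its `parse` callable and the sample bytes are hypothetical; `parse` stands for whatever PKCS #12 loader the application already calls.

```python
import os
import tempfile
import threading


class Pkcs12Cache:
    """Parse a PKCS #12 file once; re-parse only when the file on disk changes."""

    def __init__(self, path, parse, passphrase=None):
        self._path = path
        self._parse = parse            # hypothetical: callable(data: bytes, passphrase) -> store
        self._passphrase = passphrase
        self._lock = threading.Lock()  # serialise reloads across request threads
        self._stamp = None
        self._store = None
        self.parse_count = 0           # export as a metric; steady growth means reloads are being driven

    def get(self):
        st = os.stat(self._path)
        stamp = (st.st_mtime_ns, st.st_size, st.st_ino)
        with self._lock:
            if stamp != self._stamp:   # file replaced or rewritten: one real reload
                with open(self._path, "rb") as fh:
                    data = fh.read()
                self._store = self._parse(data, self._passphrase)
                self._stamp = stamp
                self.parse_count += 1
            return self._store


def demo():
    """Simulate 1000 requests, then one legitimate certificate rotation."""
    def fake_parse(data, passphrase):  # constructed stand-in for the real loader
        return {"length": len(data)}

    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "server.p12")
        with open(path, "wb") as fh:
            fh.write(b"constructed-sample-bytes")  # not a real PKCS #12 blob
        cache = Pkcs12Cache(path, fake_parse)
        for _ in range(1000):
            cache.get()
        after_requests = cache.parse_count
        with open(path, "wb") as fh:
            fh.write(b"constructed-sample-bytes-rotated")
        cache.get()
        return after_requests, cache.parse_count


if __name__ == "__main__":
    print(demo())
```

The number of parses then tracks certificate rotations rather than request volume, which bounds how often the leaking path can run.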

Security Impact Rating: Low

CVE: CVE-2018-1000808

Source: Cisco Multivendor Vulnerability Alerts